Vulnerability in Microsoft Internet Explorer Could allow Remote Code Execution

Number: AL14-003
Date: 21 February 2014


The purpose of this Alert is to bring attention to Microsoft’s workaround solution to address a use-after-free vulnerability in Internet Explorer versions 9 and 10 being used in targeted attacks.


CCIRC is aware of targeted attacks exploiting a use-after-free vulnerability in Internet Explorer versions 9 and 10. Attackers could exploit this vulnerability by creating or compromising a website designed for this purpose, then using social engineering to influence the user to visit the website, usually by clicking on a link in an email or instant message, or opening an attachment. Successful exploitation allows for the execution of arbitrary code.  

Although this activity appears to be limited at the time of writing, it is important to note that this type of attack is highly adaptable and can be used to target various critical infrastructure industries.

CVE Reference: CVE-2014-0322

Suggested action

CCIRC recommends that organizations review the following mitigation steps and consider their implementation in the context of their network environment:


Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589

Date modified: